Author: jmm-guest
Date: 2007-04-24 16:29:40 +0000 (Tue, 24 Apr 2007)
New Revision: 5724
Modified:
data/CVE/list
Log:
rewrite PHP dupe entries
record older PHP fixes for etch
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-24 06:45:52 UTC (rev 5723)
+++ data/CVE/list 2007-04-24 16:29:40 UTC (rev 5724)
@@ -481,13 +481,9 @@
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and
PHP ...)
NOT-FOR-US: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before
4.4.5 and ...)
- - php5 5.2.0-9
- - php4 6:4.4.4-9
- NOTE: Dupe of CVE-2007-0906
+ NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family
in ...)
- - php5 5.2.0-9
- - php4 6:4.4.4-9
- NOTE: Dupe of CVE-2007-0909
+ NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
@@ -625,9 +621,7 @@
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco
...)
NOT-FOR-US: Cisco Unified CallManager
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5
before ...)
- - php5 5.2.0-9
- - php4 6:4.4.4-9
- NOTE: Dupe of CVE-2007-0906
+ NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP
5 ...)
- php5 <unfixed> (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve
or ...)
@@ -2854,6 +2848,7 @@
RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4
before ...)
{DSA-1264-1}
+ [etch] - php4 6:4.4.4-8+etch1
- php4 6:4.4.4-9
- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS
1.1.5 ...)
@@ -3054,6 +3049,7 @@
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
+ [etch] - php4 6:4.4.4-8+etch1
NOTE: fix is believed to be isolated, needs verification and backporting:
NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
NOTE: http://people.debian.org/~seanius/security/php
@@ -3061,6 +3057,7 @@
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
+ [etch] - php4 6:4.4.4-8+etch1
NOTE: half of fix (odbc part) is found, still trying to dig out the
NOTE: problems related to *print functions.
NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
@@ -3088,6 +3085,7 @@
NOTE: (4) is a non-issue, as we don''t use the bundled sqlite
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
+ [etch] - php4 6:4.4.4-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and
open_basedir ...)
- php5 <unfixed> (bug #410561; bug #410995; unimportant)
NOTE: we normally don''t spend much time on safe_mode and open_basedir